ADDENDUM TO THE PRIVACY POLICY: PROCESSING OF SENSITIVE HEALTH DATA AND THIRD-PARTY AI SUBPROCESSORS
Last updated: May 23, 2026
Other policies
- PRIVACY POLICY
- TERMS OF SERVICE
- MANDATORY CONSUMER DISCLOSURE AND RECURRING SUBSCRIPTION TERMS
- MEDICAL DISCLAIMER
- ARE YOU SURE YOU WANT TO DELETE YOUR ACCOUNT?
- DATA COLLECTION & PERFORMANCE TRACKING SENSITIVITY
- FAMILY INVITATION: SHARED ACCESS & DATA SENSITIVITY
- SECURE SIGN-IN WITH BIOMETRIC AUTHENTICATION
- ONROOM INC. BILLING & REFUND POLICY ADDENDUM
- COMPANY INFORMATION
This addendum to the Bebetick Privacy Policy governs the processing of sensitive health data and the use of third-party AI subprocessors by ONROOM Inc., in compliance with PIPEDA and PIPA.
1. Data Controller Identification
The services under the Bebetick Application are operated by ONROOM Inc. ("the Company"), with its principal registered office located at Toronto, Ontario, Canada, and contact reachable via [email protected].
2. Collection of Sensitive Personal and Infant Health Data
Pursuant to the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada and the Personal Information Protection Act (PIPA) of South Korea, the Company collects and processes sensitive personal data only under explicit, unbundled user consent. Collected sensitive items include:
- Infant daily physiological and health logs (including sleep intervals, feeding volumes, body temperature, diaper changes, and developmental milestones).
- Device-level biometric authorization credentials (such as Face ID or Touch ID) processed locally on your device to facilitate secure application sign-in.
3. Third-Party AI Subprocessing Disclosure (OpenAI API Integration)
To provide the automated cognitive and analytical features of "Berry AI" (the Chatbot service), the Application transmits certain user-inputted developmental logs to our third-party data subprocessor, OpenAI, LLC, located in the United States.
- Strictly Non-Identifiable Processing: All transmitted logs are entirely anonymized and purged of any personally identifiable information (including names, account IDs, and contact credentials) prior to API transmission.
- Model Training Prohibited: Under our active Data Processing Addendum (DPA) with OpenAI, the subprocessor is strictly prohibited from retaining, using, or training its models on the API payload.
- Right to Withdraw Consent: You hold an absolute, non-penalized right to opt out of AI processing at any time by toggling the data sharing control located in the Application Settings.
4. Data Retention and Permanent Deletion (Right to Erasure)
- Soft Delete Retention: Upon receiving a formal account deletion request from the user, all account metadata and linked health records will be restricted from active usage and securely kept in a soft-deleted state for exactly thirty (30) days.
- Permanent Purging: Within 24 hours of the expiration of the 30-day retention period, the Company's automated database routines will permanently and irreversibly delete or anonymize all associated records from our cloud storage.